Hellu,
Elephantwalker,
I was looking at the security role/group mapping but don't understand quite
well how and where to define it.
I have a user/group defined in the principles.xml, but don't know how and
where to I define a role and map this on the goup ?
I was going through the xml files, especially the orion-ejb.xml file, and
can't find anyting to define a role and method patterns ??
Where can I find an example as I can't find it in the Orion distribution dir
?
Please some help ?
Eddie
----- Original Message -----
From: "The elephantwalker" <[EMAIL PROTECTED]>
To: "Orion-Interest" <[EMAIL PROTECTED]>
Sent: Sunday, September 16, 2001 2:17 AM
Subject: RE: Restricting access to only Session Manager ?
> The point was to use the facade pattern. Only access the entity bean in
the
> slsb, and use slsb methods from the servlet or client to mutate date AND
get
> data. You can also use authentication role's on your slsb methods to
> restrict or prevent access.
>
> This is what we on our www.elephantwalker.com site. We never access an
> entity bean directly from a servlet, but use a slsb to do this. This way
we
> are sure that the correct business methods are be used and coordinated.
>
> Even if we tried to access an entity bean method, we wouldn't be able to
> look up the context of the entity bean in the servlet.
>
> Regards,
>
> the elephantwalker
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Eddie Post
> Sent: Saturday, September 15, 2001 1:33 PM
> To: Orion-Interest
> Subject: RE: Restricting access to only Session Manager ?
>
>
> Elephantwalker,
>
> Thanks (see below)
>
> >an ejb reference. This means that your container will not allow you to
get
> >the context for your entity ejb, so you won't be able to call any methods
> >from the client.
>
> But then I also can't call the entity get methods ??, or can I ?. Which is
> what I want.
>
> Eddie
>
>
>
> >From: "The elephantwalker" <[EMAIL PROTECTED]>
> >Reply-To: Orion-Interest <[EMAIL PROTECTED]>
> >To: Orion-Interest <[EMAIL PROTECTED]>
> >Subject: RE: Restricting access to only Session Manager ?
> >Date: Sat, 15 Sep 2001 09:31:55 -0700
> >
> >Eddie,
> >
> >Use your slsb or sfsb (the session manager) as your facade to the ejb for
> >all access. In your web.xml or client.xml, only refer to the slsb or sfsb
> >as
> >an ejb reference. This means that your container will not allow you to
get
> >the context for your entity ejb, so you won't be able to call any methods
> >from the client.
> >
> >You can control security on your session manager by creating security
> >constraints for each method, or for method name patterns. This way, you
can
> >allow the "client" role access to methods which get*, and "mutator" role
> >access to methods change*.
> >
> >In orion, you map the roles to groups (role is a j2ee idea, whereas
groups
> >is an Orion deployment specification). The groups are defined in the
> >principals.xml file of the META-INF directory for the ear file. The group
> >to
> >role mapping is defined in all of the orion-*.xml files such as
> >orion-ejb-jar.xml, orion-web.xml, orion-application.xml. This allows the
> >same group to be assigned to different roles in different
applications...a
> >good idea when you think that various jar/war/ear files may be from
> >different vendors, and have different names for their j2ee roles.
> >
> >
> >regards,
> >
> >the elephantwalker
> >
> >
> >-----Original Message-----
> >From: [EMAIL PROTECTED]
> >[mailto:[EMAIL PROTECTED]]On Behalf Of Ed Bras
> >Sent: Saturday, September 15, 2001 3:09 AM
> >To: Orion-Interest
> >Subject: Restricting access to only Session Manager ?
> >
> >
> >Hellu,
> >
> >How can I configure Orion and my J2EE application such that client
> >applications are only able to call the get methods of the entity beans ?
> >I want that all modification are done throw the Session Manager. The
> >Session manager functiones as an intermediate to the entity beans.
> >I am using CMP on Orion 1.5.1 with Java 1.3.
> >
> >Eddie
> >
> >
>
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
>
>
>
>
